It is designed to ensure that all member states' approaches to data protection law are unified and applied identically.

Protects EU citizens from organisations using their personal data irresponsibly.

Puts them in charge of what information is shared, and where and how it is shared.

The main purpose is to have responsible and transparent policies for handling such data, which is exactly what we have had in place since October 1984.

What is Personal Data?

Although the definition of personal data has changed little in the last three decades, even experts can still get it wrong. Put simply, personal data is “any information relating to an identified or identifiable natural person (‘data subject’)”.

The scope for identifying a natural person has widened subtly but importantly under the GDPR, which now includes “online identifier”, a category that covers IP addresses.

There are two really important but common mistakes that catch people out. First, many assume that email addresses such as [email protected] or an office DDI number are not personal data because they belong to a business and are not “personal”. This is incorrect: anything that allows a natural person to be identified (think privacy rather than ownership) is personal data. An example which isn’t personal would be something like [email protected].

The second common mistake relates to information in the public domain, such as that found in directories or on social media. Nowhere in the DPA or GDPR does it define personal data according to where it came from. If you glean information from someone’s publicly available online profile, then that information still remains firmly within the scope of the GDPR.

Data protection isn’t simply how you look after data in transit or at rest; it covers the entire lifecycle of how you collect, use and eventually destroy that data, something called ‘processing’.

Ultimate control needs to be exercised to give individuals the right to opt in or out of receiving communication, and to consent to their personal data being held on databases. Avar have been working on protocols to allow this to happen for all aspects of the business, which is why we haven’t followed the crowd and been quick to send meaningless opt-in emails only, as most companies and organisations have done. Everyone will be given the opportunity to “opt in” in due course.

Who is Overseeing GDPR?

The ICO (Information Commissioner’s Office) is responsible for overseeing the enforcement of the GDPR.

It has always overseen the “governance” of data protection.

It is an executive non-departmental public body.

It is also responsible for imposing and collecting fines.

Incidentally, it is also primarily funded by charging and collecting penalties!

Penalties for Non-Compliance and Data Breaches

There are heavy fines for non-compliance.

The old fines were £500k (maximum).

The new maximum fines are the greater of 4% of turnover or EUR 20M.

The maximum fine applies to the most serious infringements, such as not having obtained customer consent to process data. The fines are, however, tiered according to the severity of the breach.

In 2016, the telecoms company TalkTalk was fined a record £400K by the ICO for security failings that allowed a cyber attacker to access customer data “with ease”.

This fine would be the equivalent of £59M under the new regulations.

When does GDPR apply?

Enforced from 25 May 2018, although the ICO is not expecting all organisations to have all policies and procedures in place by then.

It expects every organisation to have made a start and to have a plan to become GDPR compliant.

The UK will be bound by these regulations even after Brexit, as they will still apply to all businesses handling EU residents’ personal data.

A Data Protection Bill will enforce the GDPR in the UK and will replace the Data Protection Act 1998.

It does mean implementation on that date.

Those responsible have to demonstrate that policies have been organised for its eventual implementation.

GDPR in Practice

Avar has been registered with the ICO since 2007 as a limited company, and before that as a partnership since its inception (reference: Z9998105).

This is in accordance with the requirements of the ICAEW.

We at Avar have always had responsible, transparent policies towards managing such data since 1984.

We have gone some way towards storing individuals’ and clients’ data securely as good business practice.

What remains is merely the re-organisation, restructuring and management of that data.

From Avar’s perspective, no information is retained for marketing; it is held purely for client management.

This has now been totally formalised and structured.

Through the use of the online portal, files are already kept securely without the need for further encryption.

In addition, we will be reviewing contracts with clients, suppliers and employees to ensure compliance with GDPR.

Under these regulations, we are required to obtain consent for all contact information held on our databases.
